臺灣博碩士論文加值系統

當網際網路(Internet)在過去的十年間蓬勃發展，愈來愈多的使用者使用網際網路與他們的朋友通訊。但是網際網路並未提供隱密性(privacy)，也就是說，當機密的資料在網際網路上傳輸時，惡意的使用者可以竊取該機密資料。惡意的使用者也可以竄改在網際網路上傳輸的機密資料，所以資料完整性（integrity）也不存在。更糟糕的是，惡意的使用者可以偽裝他人來傳送資料給第三者。因此，
我們必須使用一些安全上的機制來防止上述的情況發生。

網際網路安全協定(IPSec)是一個網路層的通訊協定。藉著將安全機制實作在網路層，不論應用程式是否有提供安全機制，使用者可以確定通訊的安全。網際網路安全協定包含: 網際網路安全協定標頭定義了被附加到網際網路封包的資訊, 以及網際網路金鑰交換協定定義了談判安全參數(security association)的方法。

在這篇碩士論文裡面，我們描述了我們如何實作網際網路金鑰第二版，該協定是用來互相認證，以及建立和維護安全參數。

When the Internet has grown in the past ten years, more and more people communicate with their friends over the Internet. But Internet does not provide privacy; this means that a perpetrator may observe confidential data when the data traverses the Internet. A perpetrator may also modify data traversed the Internet, and we loss data integrity. Things can be worse; a perpetrator may pretend you to send data to others. Thus, some security mechanisms must be used to prevent the above situation from happening

IP Security (IPSec) is a network-layer protocol. By implementing security mechanism as the IP level, one can ensure secure communication not only for applications that have security mechanisms but also for many security-ignorant applications. IPSec combines a lot of security technologies, including IPSec header which defines the information to be added to an IP packet and IKE which negotiates the security association between two entities.

In this thesis, we describe implementation of IKEv2 protocol which can be used to performing mutual authentication and establishing and maintaining security association.

Table of Contents I
Chapter 1 1
Introduction 1
1.1 Contribution 2
1.2 Thesis Outline 2
Chapter 2 5
Background and Related Works 5
2.1 VPN 5
2.1.1 VPN technologies 6
2.1.2 VPN Usage scenarios 7
2.1.3 VPN technologies 8
2.2 IPSec 9
2.2.1 Why Do We Need IPSec? 10
2.2.2 What Is IPSec? 12
2.2.3 IPSec Usage Scenarios 13
2.2.4 AH and ESP 16
2.2.5 Transport Mode and Tunnel Mode 17
2.3 IKE 19
2.3.1 Phase 1 IKE: Aggressive Mode and Main Mode 20
2.3.2 Phase 2 IKE: Quick Mode 22
Chapter 3 25
Internet Key Exchange v2 (IKEv2) 25
3.1 IKEv2 Basics 25
3.1.1 The Initial Exchanges 26
3.1.2 The CREATE_CHILD_SA Exchange 29
3.1.3 The INFORMATIONAL Exchange 31
3.2 IKEv2 Protocol Details and Variations 33
3.2.1 Use of Retransmission Timers 34
3.2.2 Use of Sequence Number for Message ID 35
3.2.3 Window Size for overlapping requests 36
3.2.4 State Synchronization and Connection Timeouts 37
3.2.5 Cookies 39
3.2.6 Cryptographic Algorithm Negotiation 42
3.2.7 Rekeying 44
3.2.8 Nonces 47
3.2.9 Error Handling 47
Chapter 4 51
Implementation of IKEv2 51
4.1 System Architecture and Requirements 51
4.1.1 System Architecture 51
4.1.2 System Requirements 52
4.2 Implementation Details 52
4.2.1 Basics 52
4.2.2 Generating Keying Material 53
4.2.3 Authentication 55
4.2.4 Rekeying Policy 56
4.2.5 Intel Integrated Performance Primitives 57
4.2.6 Program Output 59
Chapter 5 60
Conclusion 60
References 61
Appendix A: Message Formats 62
Appendix B. Diffie-Hellman Groups 70

[1]Charlie Kaufman, “Internet Key Exchange (IKEv2) Protocol”, draft-ietf-ipsec-ikev2-14, May 2004, work in progress.
[2]Jeffrey I. Schiller, “Cryptographic Algorithms for use in the Internet Key Exchange Version 2”, draft-ietf-ipsec-ikev2-algorithms-04.txt, September 2003, work in progress.
[3]D. Piper, “The Internet IP Security Domain of Interpretation for ISAKMP”, RFC 2407, November 1998.
[4]D. Maughan, et al., “Internet Security Association and Key Management Protocol (ISAKMP)”, RFC 2408, November 1998.
[5]D. Harkins and D. Carrel, “The Internet Key Exchange (IKE)”, RFC 2409, November 1998.
[6]Intel Corporation, “Intel Integrated Performance Primitives for Intel Architecture, Reference Manual, Volume 4: Cryptography”, 2003.
[7]Virtual Private Network Consortium website, http://www.vpnc.org
[8]Linux FreeS/WAN website, http://www.freeswan.org